Tag: Pwn2Own
-
$1M WhatsApp Zero-Click Exploit Withdrawn at Pwn2Own, Shared with Meta
Researchers from Team Z3 have withdrawn their planned demonstration of a WhatsApp vulnerability at the Pwn2Own Ireland 2025 hacking competition — an exploit that could have earned them a record $1 million prize. According to the Zero Day Initiative (ZDI), the team decided not to present the exploit publicly, deeming their research “not yet sufficiently…
-
Hacker Teams Win $792K as Samsung Galaxy S25 is Hacked at Pwn2Own
On the second day of Pwn2Own Ireland 2025, participants delivered an impressive display of skill, uncovering 56 new zero-day vulnerabilities and earning a combined total of $792,750 in rewards. This marks the second phase of the competition, held in Cork, Ireland, where cybersecurity experts compete to identify critical flaws in widely used devices and software.…
-
The $1M Zero-Click Challenge: Pwn2Own Offers Record-Breaking Bounty for a WhatsApp Exploit
The organizers of the world’s premier hacking competition, Pwn2Own, have announced a reward that has instantly shifted the industry’s spotlight: a staggering $1 million will be awarded for the successful demonstration of a full-fledged zero-click vulnerability in WhatsApp. This unprecedented prize marks the highest single payout in the contest’s history—offered for an exploit requiring no…
-
The Pwn2Own Exploit That Never Was: A Format String Flaw in Synology IP Cameras Allowed Remote Code Execution
In the autumn of 2024, the InfoSect bug hunting team prepared a remote code execution attack targeting the Synology TC500 IP camera for entry in the Pwn2Own Ireland competition. The exploitation hinged on a flaw in the implementation of string formatting, which allowed the bypass of ASLR and granted complete control over the device. Although…
-
Pwn2Own Berlin: Critical IonMonkey JIT Bug Exposes Firefox to Memory Corruption
During the Pwn2Own Berlin 2025 competition, security researcher Manfred Paul successfully demonstrated an attack against the Mozilla Firefox browser’s rendering process by exploiting a vulnerability in the IonMonkey JIT compiler. Although he did not achieve a full sandbox escape from the JavaScript engine, the discovery itself was of significant importance. The flaw was assigned CVE-2025-4919,…
-
Synology Router Manager Vulnerability: Immediate Update Required
Synology, a leading provider of network-attached storage (NAS) and surveillance solutions, has issued a security advisory to address a high-severity vulnerability affecting Synology Router Manager (SRM). This vulnerability, discovered during the PWN2OWN 2023 security competition, could allow man-in-the-middle attackers to execute arbitrary code or gain unauthorized access to intranet resources. Vulnerability Details The vulnerability resides…
-
Pwn2Own contest will be held in March: Win $500,000 for hacking a Model 3
Trend Micro announced that its Pwn2Own annual hacker contest will be held in Vancouver, Canada from March 18th to 20th. Pwn2Own will allow security researchers to discover vulnerabilities in web browsers such as macOS, Windows, Safari, and Chrome. This year, Safari on macOS will offer two rewards, one of which is a $60,000 reward for…
-
Pwn2Own Hacking Contest will contain ICS projects
The organizers of Pwn2Own recently disclosed that the next Pwn2Own competition will add the Industrial Control System (ICS) software and protocol for the first time. Pwn2Own is the most famous hacking contest in the world. Previously, browsers and operating systems were used as targets. It is understood that the organizer will require participants to find…